On Dec 8, 2009, at 1:29 AM, sird@rckc.at wrote:
> I also like this option:
>
> 4. add a declarative option to <link> and <style> elements to say
> the CSS parser should be in a "sandboxed" mode
>
> I am doing something like that already on ACS ( http://docs.google.com/View?id=ddqtfnx3_381fxp3zjf3
> ) but having it on HTML5 would be greaaat.
What would be the effect of the "sandboxed" mode?
>
> Would it be possible to add it to <script>? (I also support this on
> ACS using Gareth Heyes's jsreg : http://tinyurl.com/jsreg ).
>
> In script it could work to define functions with a different
> principal.. this way the stuff in there can only work with
> references it receives from user functions (should have the same
> type of protections Mozilla adds to addons interacting with web
> content with Wrappers).
>
> This would probably be better than sandboxed iframes.. and would
> mitigate quite a lot of problems.
Having a single script operate with a different security origin would
be considerably more challenging to implement than sandboxed iframes.
Why is it better?
Regards,
Maciej